Jeremy Doran
2014-Apr-21 16:52 UTC
[Dovecot] Trying to get DSpam+Dovecot working with Postfix and local/virtual domains
Hi,

I'm hoping that someone might be able to help, as I've been going in circles with trying to get the right configuration done here. I'm also not sure whether this is more of a Dovecot or DSpam question, so I'm posting the same to both mailing lists.

My goal is to have a mail setup that is as follows:

    [Incoming email] --> [Postfix] --> [Amavis] --> [DSpam] --> [Dovecot LDA] -+---(local domain)---> /var/mail/${user}
                                                                               |
                                                                               +---(virtual)---> /home/vmail/${domain}/${user}@{domain}

As of right now, I have Postfix successfully feeding into Amavis, re-injecting into Postfix with a final delivery for the local domain via procmail, and final delivery for virtual domains via the virtual transport into maildir (but /home/vmail/${user}@${domain}).

Virtual domains are being managed by PostfixAdmin. Dovecot is running as the IMAP server. Everything (Postfix, PostfixAdmin, Dovecot) is using a Postgres database as backend for the dynamic maps/authentication.

The problem I've been stumbling over is trying to get DSpam to work nicely with both a local domain and virtual domains/mailboxes, and the same for Dovecot, as I would rather like to make use of the Sieve functionality going forward instead of Procmail.

I did have DSpam working, but was unable to get the Dovecot antispam plugin working to re-train based on moving mails into/out of a defined 'SPAM' folder, due to permissions relating to how the antispam plugin was calling DSpam.

I'm really not wanting to make the local domain into a virtual mailbox domain, because there are users on the system (for that local domain) that already use the password in /etc/passwd for accessing the server for other uses. While there are also people who do that who have virtual mailbox domains, it's a far lower number.

Here's what I have so far.

Postfix 2.11.0

main.cf (via 'postconf -nf'):

    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases
    command_directory = /usr/local/sbin
    config_directory = /usr/local/etc/postfix
    content_filter = amavisfeed:[127.0.0.1]:10024
    daemon_directory = /usr/local/libexec/postfix
    data_directory = /var/db/postfix
    debug_peer_level = 2
    debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
        $daemon_directory/$process_name $process_id & sleep 5
    html_directory = /usr/local/share/doc/postfix
    inet_interfaces = all
    inet_protocols = ipv4 ipv6
    local_recipient_maps = $transport_maps unix:passwd.byname $alias_maps
    mail_owner = postfix
    mailbox_command = /usr/local/bin/procmail -a "$EXTENSION"
    mailq_path = /usr/local/bin/mailq
    manpage_directory = /usr/local/man
    mydestination = $myhostname, localhost.$mydomain, $mydomain
    mydomain = critter.net
    myhostname = cornix.critter.net
    mynetworks = 127.0.0.0/8, 46.4.24.15/32, [::1]/128,
        [2a01:4f8:131:4263::]/64, 184.73.168.110/32, [2001:470:7:12ba::]/64
    mynetworks_style = host
    myorigin = $mydomain
    newaliases_path = /usr/local/bin/newaliases
    queue_directory = /var/spool/postfix
    readme_directory = /usr/local/share/doc/postfix
    receive_override_options = no_address_mappings
    recipient_delimiter = -
    relay_domains = pgsql:$config_directory/Maps/pgsql_relay_domains_maps.cf
    sample_directory = /usr/local/etc/postfix
    sendmail_path = /usr/local/sbin/sendmail
    setgid_group = maildrop
    smtp_tls_CAfile = /etc/ssl/certs/Critter.Net_Certificate_Authority.pem
    smtp_tls_cert_file = /etc/ssl/certs/smtp.critter.net.pem
    smtp_tls_key_file = /etc/ssl/private/smtp.critter.net.pem
    smtp_tls_session_cache_database = /var/db/postfix/smtp_scache
    smtp_use_tls = yes
    smtpd_banner = $myhostname ESMTP $mail_name
    smtpd_recipient_restrictions = permit_mynetworks,
        permit_sasl_authenticated, reject_non_fqdn_hostname,
        reject_non_fqdn_sender, reject_non_fqdn_recipient,
        reject_unauth_destination, reject_unauth_pipelining,
        reject_invalid_hostname, reject_rbl_client zen.spamhaus.org,
        check_policy_service inet:127.0.0.1:10023
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
        reject_unauth_destination
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_path = private/auth
    smtpd_sasl_type = dovecot
    smtpd_tls_CAfile = /etc/ssl/certs/Critter.Net_Certificate_Authority.pem
    smtpd_tls_ask_ccert = yes
    smtpd_tls_cert_file = /etc/ssl/certs/smtp.critter.net.pem
    smtpd_tls_key_file = /etc/ssl/private/smtp.critter.net.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_database = btree:/var/db/postfix/smtpd_scache
    smtpd_use_tls = yes
    soft_bounce = yes
    tls_random_source = dev:/dev/urandom
    transport_maps = pgsql:$config_directory/Maps/pgsql_transport_maps.cf
    unknown_local_recipient_reject_code = 450
    virtual_alias_maps = pgsql:$config_directory/Maps/pgsql_virtual_alias_maps.cf
    virtual_gid_maps = static:400
    virtual_mailbox_base = /home/vmail
    virtual_mailbox_domains =
        pgsql:$config_directory/Maps/pgsql_virtual_domain_maps.cf
    virtual_mailbox_limit = 51200000
    virtual_mailbox_maps =
        pgsql:$config_directory/Maps/pgsql_virtual_mailbox_maps.cf
    virtual_minimum_uid = 400
    virtual_transport = virtual
    virtual_uid_maps = static:400

master.cf (via 'postconf -Mf'):

    smtp       inet  n       -       n       -       -       smtpd
    24         inet  n       -       n       -       -       smtpd
    submission inet  n       -       n       -       -       smtpd
        -o syslog_name=postfix/submission
        -o smtpd_tls_security_level=encrypt
        -o smtpd_sasl_type=dovecot
        -o smtpd_sasl_path=private/auth
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
        -o milter_macro_daemon_name=ORIGINATING
    smtps      inet  n       -       n       -       -       smtpd
        -o syslog_name=postfix/smtps
        -o smtpd_tls_wrappermode=yes
        -o smtpd_tls_security_level=encrypt
        -o smtpd_sasl_type=dovecot
        -o smtpd_sasl_path=private/auth
        -o smtpd_sasl_auth_enable=yes
        -o smtpd_client_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
        -o milter_macro_daemon_name=ORIGINATING
    pickup     unix  n       -       n       60      1       pickup
    cleanup    unix  n       -       n       -       0       cleanup
    qmgr       unix  n       -       n       300     1       qmgr
    tlsmgr     unix  -       -       n       1000?   1       tlsmgr
    rewrite    unix  -       -       n       -       -       trivial-rewrite
    bounce     unix  -       -       n       -       0       bounce
    defer      unix  -       -       n       -       0       bounce
    trace      unix  -       -       n       -       0       bounce
    verify     unix  -       -       n       -       1       verify
    flush      unix  n       -       n       1000?   0       flush
    proxymap   unix  -       -       n       -       -       proxymap
    proxywrite unix  -       -       n       -       1       proxymap
    smtp       unix  -       -       n       -       -       smtp
    relay      unix  -       -       n       -       -       smtp
    showq      unix  n       -       n       -       -       showq
    error      unix  -       -       n       -       -       error
    retry      unix  -       -       n       -       -       error
    discard    unix  -       -       n       -       -       discard
    local      unix  -       n       n       -       -       local
    virtual    unix  -       n       n       -       -       virtual
    lmtp       unix  -       -       n       -       -       lmtp
    anvil      unix  -       -       n       -       1       anvil
    scache     unix  -       -       n       -       1       scache
    amavisfeed unix  -       -       -       -       2       smtp
        -o syslog_name=postfix/amavisfeed
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
    127.0.0.1:10025 inet n   -       n       -       -       smtpd
        -o syslog_name=postfix/amavis-reinject
        -o content_filter=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=reject_unauth_pipelining
        -o smtpd_end_of_data_restrictions=
        -o smtpd_restriction_classes=
        -o mynetworks=127.0.0.0/8,[::1]/128
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
        -o local_header_rewrite_clients=
        -o smtpd_milters=
        -o local_recipient_maps=
        -o relay_recipient_maps=
    dovecot    unix  -       n       n       -       -       pipe
        flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver
        -f ${sender} -d ${user}@${nexthop}

Dovecot 2.2.10 config (via 'dovecot -n'):

    # 2.2.10: /usr/local/etc/dovecot/dovecot.conf
    # OS: FreeBSD 10.0-RELEASE-p1 amd64
    auth_debug = yes
    auth_verbose = yes
    debug_log_path = /var/log/dovecot-debug.log
    first_valid_uid = 400
    mail_location = mbox:~/Mail:INBOX=/var/mail/%u
    mail_privileged_group = mail
    namespace inbox {
      inbox = yes
      location =
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
      prefix =
    }
    passdb {
      args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
      driver = sql
    }
    passdb {
      driver = pam
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0666
        user = postfix
      }
    }
    ssl_cert = </etc/ssl/certs/dovecot.pem
    ssl_key = </etc/ssl/private/dovecot.pem
    userdb {
      args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
      driver = sql
    }
    userdb {
      driver = passwd
    }

DSpam 3.9.0 dspam.conf:

    Home /var/db/dspam
    StorageDriver /usr/local/lib/dspam/libpgsql_drv.so
    TrustedDeliveryAgent "/usr/local/bin/procmail"
    UntrustedDeliveryAgent "/usr/bin/procmail -d %u"
    OnFail error
    Trust root
    Trust dspam
    Trust apache
    Trust mail
    Trust mailnull
    Trust smmsp
    Trust daemon
    TrainingMode teft
    TestConditionalTraining on
    Feature whitelist
    Algorithm graham burton
    Tokenizer chain
    PValue bcr
    WebStats on
    Preference "trainingMode=TEFT"          # { TOE | TUM | TEFT | NOTRAIN } -> default:teft
    Preference "spamAction=quarantine"      # { quarantine | tag | deliver } -> default:quarantine
    Preference "spamSubject=[SPAM]"         # { string } -> default:[SPAM]
    Preference "statisticalSedation=5"      # { 0 - 10 } -> default:0
    Preference "enableBNR=on"               # { on | off } -> default:off
    Preference "enableWhitelist=on"         # { on | off } -> default:on
    Preference "signatureLocation=message"  # { message | headers } -> default:message
    Preference "tagSpam=off"                # { on | off }
    Preference "tagNonspam=off"             # { on | off }
    Preference "showFactors=off"            # { on | off } -> default:off
    Preference "optIn=off"                  # { on | off }
    Preference "optOut=off"                 # { on | off }
    Preference "whitelistThreshold=10"      # { Integer } -> default:10
    Preference "makeCorpus=off"             # { on | off } -> default:off
    Preference "storeFragments=off"         # { on | off } -> default:off
    Preference "localStore="                # { on | off } -> default:username
    Preference "processorBias=on"           # { on | off } -> default:on
    Preference "fallbackDomain=off"         # { on | off } -> default:off
    Preference "trainPristine=off"          # { on | off } -> default:off
    Preference "optOutClamAV=off"           # { on | off } -> default:off
    Preference "ignoreRBLLookups=off"       # { on | off } -> default:off
    Preference "RBLInoculate=off"           # { on | off } -> default:off
    AllowOverride enableBNR
    AllowOverride enableWhitelist
    AllowOverride fallbackDomain
    AllowOverride ignoreGroups
    AllowOverride ignoreRBLLookups
    AllowOverride localStore
    AllowOverride makeCorpus
    AllowOverride optIn
    AllowOverride optOut
    AllowOverride optOutClamAV
    AllowOverride processorBias
    AllowOverride RBLInoculate
    AllowOverride showFactors
    AllowOverride signatureLocation
    AllowOverride spamAction
    AllowOverride spamSubject
    AllowOverride statisticalSedation
    AllowOverride storeFragments
    AllowOverride tagNonspam
    AllowOverride tagSpam
    AllowOverride trainPristine
    AllowOverride trainingMode
    AllowOverride whitelistThreshold
    AllowOverride dailyQuarantineSummary
    MySQLUIDInSignature on
    PgSQLServer /tmp/
    PgSQLUser dspam
    PgSQLPass xxxxxx
    PgSQLDb dspam
    HashRecMax 98317
    HashAutoExtend on
    HashMaxExtents 0
    HashExtentSize 49157
    HashPctIncrease 10
    HashMaxSeek 10
    HashConnectionCache 10
    Notifications off
    PurgeSignatures 14  # Stale signatures
    PurgeNeutral 90     # Tokens with neutralish probabilities
    PurgeUnused 90      # Unused tokens
    PurgeHapaxes 30     # Tokens with less than 5 hits (hapaxes)
    PurgeHits1S 15      # Tokens with only 1 spam hit
    PurgeHits1I 15      # Tokens with only 1 innocent hit
    LocalMX 127.0.0.1
    SystemLog on
    UserLog on
    Opt out
    ParseToHeaders on
    ServerPID /var/run/dspam.pid
    ServerDomainSocketPath "/var/run/dspam.sock"
    ClientHost /var/run/dspam.sock
    ProcessorURLContext on
    ProcessorBias on
    StripRcptDomain off

All of this is running on a FreeBSD 10-p1 server.

I hope that someone has successfully implemented a similar setup to what I'm aiming for, and might be able to help.

Thanks.